See an unfamiliar term? Check the newsletter glossary.
newsletter://mv.com
July 2003
Mirrors for MV Customers
MV has long had several mirrors of TUCOWS software, graciously oper-
ated by Eric Poole of RKT Technologies. These mirrors provide a local
repository of TUCOWS famous software collections, and can be accessed on
the web at tucows.mv.net, games.tucows.mv.net, mac.tucows.mv.net, and lin-
uxberg.mv.net.
This mirror site spent most of its life until now at the end of a T1
line at RKT Technologies' location. Recently the server has been moved to
the colo facility at MV Communications, where it has access to higher band-
width.
Eric has recently added mirrors for FreeBSD as well as the Debian, Red
Hat, and Slackware Linux distributions. Unlike the various TUCOWS mirrors,
which are open to anybody, the FreeBSD and Linux mirror archives are open
only to access from MV customer networks. This is primarily to avoid being
swamped by requests -- we may remove that restriction in the future.
These new archives are available by FTP, at ftp://mirrors.mv.net/.
Connect to the pub directory to find them.
ID theft & "phisher" sites
Recently there have been news reports about so-called "phisher" sites,
which are systems set up to send notices, alerts, or other kinds of fraudu-
lent messages designed to trick people into revealing sensitive or private
information. Whether these stories are exaggerated or not, the danger of
ID theft or theft of personal information is always out there, whether it
be on the Internet or in "real life." Information theft is often accom-
plished through social engineering, which is simply using social skills to
convince somebody to hand over access to that information. Remember the
old joke that you can go anywhere and do anything as long as you are carry-
ing a clipboard? Social engineering is usually no more sophisticated than
that: it is just convincing people that one has some sort of authority to
have access to something, and then asking for or taking that access.
One notorious form of social engineering is to send a victim a message
(e.g. an email message) saying something like, "we need to update your
account, please give us your name and password." Amazingly, this works in
a lot of cases. MV Communications will not ask anybody for these kinds of
"account updates" . We have an established set of verification procedures,
and for most significant changes this involves us calling you at numbers we
have on file for you. Occasionally we will ask you for a password or a
catch-phrase in response to a request that you initiated, but never out of
the blue, and only because of an action that you took in the first place.
When in doubt, call us!
For more information about ID theft, see:
www.consumer.gov/idtheft
Log files in exclusive servers
If you have an "exclusive" web server at MV, did you know that you
have access to the raw usage logs for that server? When you FTP to your
account login, simply go up one directory level. There, you'll see an file
"logs" which is a directory containing each at least a month's period (usu-
ally more). The files are named yyyymmdd representing the date that the
usage occurred. Some files have a ".gz" extension, meaning that they are
compressed using the "gzip" tool.
Note that the files are created overnight following the usage -- i.e.
they do not change every time an access occurs.
Next rev spam filters
Thanks again for the positive feedback on our initial round of spam
filtering technology. We are about to make the next revision available.
The underlying filtering tool is in place now, and we are finishing up the
web interface that you will use to configure your preferences. With this
next revision you will be able to specify what happens to your mail based
on who sent it, who is listed in the To or CC lines, and what is contained
in various portions of the mail header. You will be able to store your
mail into particular folders, forward to other location(s), send a rejec-
tion notice to the sender, or simply discard it.
Note that we strongly recommend against sending rejection notices
unless you need them for some reason. Rejection notices to spammers nearly
never reach the sender, and if they do, they are only used to add your name
to a list of confirmed recipients. Furthermore, spam is often forged,
often by virus-like programs that scan valid addressbooks for legitimate
addresses. So your rejection notice to a spam could be sent to somebody
whose address just happened to be in some other victim's address book.
Finally, since so many spam return addresses are unreachable, rejection
notices just waste our server's resources needlessly.
These new capabilities should be available by the last week of July.
And remember, we're still working on further techniques! Expect another
revision in a couple months, with more sophisticated features.
Note to hackers: we know there are a bunch of programmers among our
customer base. If you dare, you can have a look at www.mv.com/tools which
describes the underlying filter language, via which you can construct your
own filters without using the web front-end. For most people, though, we
think the front-end is much better.
MV's mail blocking policies?
Speaking of SPAM, we are sometimes asked if we are blocking mail from
specific sources. On principal we are opposed to blocking mail on your
behalf, but we do sometimes find it necessary to take action to protect the
operation of our servers and our network. So that you can be informed of
any such actions that apply to mail on an MV-wide basis, we created a web
page (updated nightly plus whenever there is any change) describing our
policies in this area. This is linked to our usage policies page (you
should be checking this periodically for other reasons) -- go to
www.mv.com, and you'll find the "Usage Policies" link in the "MV Informa-
tion" pulldown.
MV Communications, Inc. PO Box 4963, Manchester, NH 03108 (603) 629-0000